
Risk Mitigation

Experiments and Rollouts make remote changes to the experience of live users, often millions of people. Doing QA and answering the risk questions carefully reduces the chance of production incidents. These are all "soft sign-offs": you check them yourself, confirming that you have followed the guidance and are satisfied the risk is mitigated.

Types of risk include (but are not limited to):

  • Brand: If the public, users, or press were to discover this experiment and its description, could it negatively impact their perception of our brand? This includes cases where that perception is unfounded. Example: We offered recommendations in a client-side, privacy-respecting way, but the method of recommending could have been misconstrued. Instead of an incident, when the question came up (Reddit, Hacker News, etc.) it was good press, because we quickly pointed people to the well-written SUMO description of how we were respecting user privacy when making recommendations.
  • Revenue: Impact from changes related to Search, New Tab, Ads, Pocket, etc should follow the VP Sign-off guidance.
  • Partnerships: If a partner is involved in any way, it raises risk and you should follow the Legal sign-off guidance. A partner could also be affected indirectly, for example if search functionality or presentation is altered. Considerations include: revenue, licensing, partner privacy policy, contractual obligations, trademark usage, etc.
  • Sensitive Data: If you are using Category 3 or 4 data you need to work with legal and data. Follow the Legal Sign-off guidance.
  • AI data use: If your change relies on AI (e.g. ML, chatbot) in any way, it will need a legal product review.
  • Encryption: Encryption in your technology is subject to export control laws and requires Legal Sign-off. Releasing encryption into countries where it is restricted could put users there at risk of criminal punishment and could result in that country sanctioning use of our browser. Even code shipped preffed off (disabled behind a preference) can be activated manually, so shipping it disabled is not a mitigation. It is critical to NOT deliver encryption into these countries.